[mmalone]

I've never used XCA but I've heard of it. Does it have an actual "online CA" with an API for signing certificates or is it more of a desktop app that works with local signing certificates - like a graphical version of OpenSSL?

If you ever have a reason to check out the `step` / `step-ca` toolchain I'd love to chat about the differences you see. Message me here or shoot me an email (mike at smallstep).

[urda]

Since it's my own CA, I have a few personal scripts that handle it. Everything else (like the root cert) is handled offline with a different physical device. It's nothing more than some glorified bash stuff and pulling public CA's from my own sites.

XCA is a gui for dealing with making certs. For me even as a technical user, i prefer it more than CLI.

[mmalone]

Cool that's good feedback. We've been working on a web interface that we could maybe turn into an electron app for this sort of stuff.

I'm probably pressing my luck promoting here but if you do a bunch of cert related stuff check out our `step certificate` command group at https://smallstep.com/docs/cli/certificate/#commands -- it does a bunch of cool stuff like dumping x509 as JSON and extracting public keys and linting certs and it's way easier to use than openssl. Might be useful in your scripts.

[urda]

I will be taking a look at it for sure! Like I said i'm pretty small time, but I love the power of having my own CA.